CVE-2025-67588 — Missing Authorization in Website Builder

CWE-862 — Missing Authorization4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 86.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Elementor Website Builder

Timeline

PublishedDec 9

Description

Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5elementor/elementor_website_builder3.33.0

🔴Vulnerability Details

CVEList

WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability↗2025-12-09

▶

GHSA

GHSA-r9vg-qvpj-r6fq: Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security↗2025-12-09

▶

🕵️Threat Intelligence

Wiz

CVE-2025-67588 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶